Towards efficient and privacy-preserving network- Based botnet detection using netflow data

Proceedings of the 9th International Network Conference, INC 2012

Volumn , Issue , 2012, Pages 37-50

  Abt, S ^a   Baier, H ^a  

^a DARMSTADT UNIVERSITY OF APPLIED SCIENCES   (Germany)

Author keywords

Botnet detection; Large network operator; Netflow data; Privacy; Reference data set

Indexed keywords

DATA PRIVACY; INTERNET SERVICE PROVIDERS;

BOTNET DETECTIONS; DETECTION METHODS; INDUCED TRAFFICS; LARGE NETWORKS; NETFLOW DATA; NETWORK PACKETS; PRIVACY PRESERVING; REFERENCE DATA;

MALWARE;

EID: 84905223717     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (32)

1. Abt, S., (2009), "A statistical approach to flow-based network attack detection", Bachelor's thesis, Darmstadt University of Applied Sciences, Faculty of Computer Science, Darmstadt.
2. Adeel, M., Tokarchuk, L., Cuthbert, L., Feng, C.S., and Qin, Z.G., (2009), "A distributed framework for passive worm detection and throttling in p2p networks", in Proceedings of the 6th IEEE Consumer Communications and Networking Conference, pp. 1-5.
3. Arbor Networks, (2005-2011), Worldwide Infrastructure Security Report, Arbor Networks, Inc., http://www.arbornetworks.com/report (last accessed: January 2012).
4. Baecher, P., Koetter, M., Holz, T., and Dornseif, M., (2006), "The nepenthes platform: An efficient approach to collect malware", in Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006).
5. Bailey, M., Cooke, E., Jahanian, F., Xu, Y., and Karir, M., (2009), "A survey of botnet technology and defenses", in Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security, pp. 299-304.
6. Binkley, J., and Singh, S., (2006), "An algorithm for anomaly-based botnet detection", in Proceedings of the 2nd Conference on Steps to Reducing Unwanted Traffic on the Internet.
7. Cisco Systems, (2007), "Netflow Services Solutions Guide", http://www.cisco.com/en/US/docs/ios/solutionsdocs/netflow/nfwhite.html (last accessed: January 2012).
8. Claise, B. (Editor), (2008), "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information", RFC 5101, http://tools.ietf.org/html/rfc5101.
9. th Annual Computer Security Applications Conference, pp. 131-140.
10. th Network and Distributed System Security Symposium.
11. Feily, M., Shahrestani, A., and Ramadass, S., (2009), "A survey of botnet and botnet detection", in Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies, pp. 268-273.
12. th European Symposium on Research in Computer Security, pp. 319-335.
13. Goebel, J., and Holz, T., (2007), "Rishi: Identify bot contaminated hosts by irc nickname evaluation", in Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets.
14. Gorecki, C., (2007), "Trumanbox - improving malware analysis by simulating the internet", Diploma thesis, RWTH Aachen University, Department of Computer Science, Aachen.
15. th International Conference on Information, Communications Signal Processing, pp. 1-6.
16. Gu, G., Porras, P., Yegneswaran, V., Fong, M., and Lee, W., (2007), "Bothunter: Detecting malware infection through ids-driven dialog correlation", in Proceedings of the 16th USENIX Security Symposium, pp. 167-182.
17. th Annual Network and Distributed System Security Symposium (NDSS'08).
18. Gu, G., Perdisci, R., Zhang, J., and Lee, W., (2008b), "Botminer: Clustering analysis of network traffic for protocol-and structure-independent botnet detection", Usenix Security Symposium.
19. Karasaridis, A., Rexroad, B., and Hoeflin, D., (2007), "Wide-scale botnet detection and characterization", in Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets.
20. Li, C., Jiang, W., and Zou, X., (2009), "Botnet: Survey and case study", in Proceedings of the International Conference on Innovative Computing, Information and Control, pp. 1184-1187.
21. Liu, J., Xiao, Y., Ghaboosi, K., Deng, H., and Zhang, J., (2009), "Botnet: Classification, attacks, detection, tracing, and preventive measures", in EURASIP Journal on Wireless Communications and Networking, Vol. 2009.
22. nd IEEE LCN Workshop on Network Security (WoNS'2006).
23. Mirkovic, J. and Reiher, P., (2004), "A taxonomy of ddos attack and ddos defense mechanisms, " ACM SIGCOMM Computer Comunications Review.
24. Patterson, D., (2002), "A simple way to estimate the cost of downtime, " in Proceedings of the 16th USENIX conference on System administration, pp. 185-188.
25. Provos, N., McNamee, D., Mavrommatis, P., Wang, K., and Modadugu, N., (2007), "The ghost in the browser analysis of web-based malware", in Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, pp. 4-4.
26. Racine, S., (2004), "Analysis of internet relay chat usage by ddos zombies", Master's thesis, Swiss Federal Institute of Technology, Zurich.
27. th ACM SIGCOMM conference on Internet measurement.
28. nd conference on Steps to Reducing Unwanted Traffic on the Internet.
29. Scarfone, K., and Mell, P., (2007), "Guide to Intrusion Detection and Prevention Systems (IDPS)", Recommendation of the National Institute of Standards and Technology, Special Publication 800-94.
30. Strayer, W., Walsh, R., Livadas, C., and Lapsley, D., (2006), "Detecting botnets with tight command and control", in Proceedings of the 31st IEEE Conference on Local Computer Networks.
31. The Honeynet Project, (2005), "Know your enemy: Tracking botnets", http://www.honeynet.org/(last accessed: January 2012).
32. Thing, V., Sloman, M., Dulay, N., Venter, H., Eloff, M., Labuschagne, L., Eloff, J., and VonSolms, R., (2007), "A survey of bots used for distributed denial of service attacks, " IFIP International Federation for Information Processing, vol. 232, pp. 229.